Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 15 May 2009 17:09:41 +0200
From: Marcus Meissner <meissner@...e.de>
To: oss-security@...ts.openwall.com
Cc: Eugene Teo <eugene@...hat.com>,
	Steven French <sfrench@...ibm.com>, security@...nel.org,
	jlayton@...hat.com, "Steven M. Christey" <coley@...us.mitre.org>,
	dann frazier <dannf@...ian.org>, Greg KH <greg@...ah.com>
Subject: Re: Re: Update - Re: CVE request? buffer overflow in CIFS in 2.6.*

On Thu, May 14, 2009 at 01:01:11PM -0400, Steven M. Christey wrote:
> 
> On Thu, 14 May 2009, Eugene Teo wrote:
> 
> > >> CVE-2009-NOT-YET-ASSIGNED:
> > >>  http://git.kernel.org/linus/27b87fe52baba0a55e9723030e76fce94fabcea4
> > >>  http://git.kernel.org/?p=linux/kernel/git/sfrench/cifs-2.6.git;a=commit;h=7b0c8fcff47a885743125dd843db64af41af5a61
> > >>  http://git.kernel.org/?p=linux/kernel/git/sfrench/cifs-2.6.git;a=commit;h=968460ebd8006d55661dec0fb86712b40d71c413
> > >>  + some others in progress
> >
> > These fixes need to be tagged to a CVE.
> 
> Use CVE-2009-1633, to be filled in later.  This CVE should be anchored
> *only* on the issue above.
> 
> I'm almost afraid to ask what relationship there is between the above
> commits and the extensive list of other issues from Jeff Layton, which
> lists the above commit and a ton of others.  Mark Cox or Josh Bressers,
> this might be a good time for you to step in CNA-wise?

The string conversion code in the CIFS module handling was rewritten
to be able to handle destination buffer sizes.

Its basically starting with this commit:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=7fabf0c9479fef9fdb9528a5fbdb1cb744a744a4
and then conversions of the code to it.

I am however not sure of how much needs to be backported, I guess only
the stuff already with CVE entries.

Ciao, Marcus

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.